[转载]Security for Web 2.0 Application Scenarios: Exposures, Issues, and Chall

文章作者：Sumeer Bhola, Suresh Chari, and Michael Steiner
原始出处：http://seclab.cs.rice.edu/w2sp/2007/

本文章是Web 2.0 Security & Privacy 2007会议议题。

The standardization of the Document Object Model (DOM), the interfaces to access the DOM in JavaScript, and the primitives for asynchronous communication with servers has resulted in an explosion of new application models on the Internet. From a technologies standpoint, we have seen the
organic growth of numerous client side programming frameworks, new data formats like JSON, and new RPC paradigms like JSON-RPC. Traditional security models which were defined and developed before these applications, technologies, and business models evolved, are simplistic, and in many cases inadequate to address the current security exposures. In this paper we document a small number of cases where we feel new security models and techniques need to be developed. To illustrate these issues we consider a typical application: a mashup consisting of content from different trust domains rendered on a single end-user browser window.